Rethinking Location Privacy for Unknown Mobility Behaviors presented at IEEE EuroS&P 2019

by Carmela Troncoso, Fernando Perez-Gonzalez, Simon Oya

Summary: Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely consider that users' data is available for training, and that it wholly characterizes their mobility patterns. Thus, they *hardwire* this information in their designs and evaluate their privacy properties with these same data. In this paper, we aim to understand the impact of this decision on the level of privacy these LPPMs may offer in real life when the users' mobility data may be different from the data used in the design phase. Our results show that, in many cases, training data does not capture users' behavior accurately and, thus, the level of privacy provided by the LPPM is often overestimated. To address this gap between theory and practice, we propose to use *blank-slate models* for LPPM design. Contrary to the hardwired approach, which assumes known users' behavior, blank-slate models *learn* the user's behavior from the queries to the service provider. We leverage this blank-slate approach to develop a new family of LPPMs that we call Profile Estimation-Based LPPMs. Using real data, we empirically show that our proposal outperforms optimal state-of-the-art mechanisms designed on *sporadic* hardwired models. On *non-sporadic* location privacy scenarios, our method is only better if the location release is not continuous. It is our hope that eliminating the need to bootstrap the mechanisms with training data and ensuring that the mechanisms are lightweight and easy to compute help foster the integration of location privacy protections in deployed systems.